Bugs in our Pockets: The Risks of Client-Side Scanning

Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Jon Callas, Whitfield Diffie, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Vanessa Teague, Carmela Troncoso

TL;DR

It is argued that CSS neither guarantees efficacious crime prevention nor prevents surveillance, and by its nature creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic.

Abstract

Our increasing reliance on digital technology for personal, economic, and government affairs has made it essential to secure the communications and devices of private citizens, businesses, and governments. This has led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and national security agencies have argued that the spread of cryptography has hindered access to evidence and intelligence. Some in industry and government now advocate a new technology to access targeted data: client-side scanning (CSS). Instead of weakening encryption or providing law enforcement with backdoor keys to decrypt communications, CSS would enable on-device analysis of data in the clear. If targeted information were detected, its existence and, potentially, its source, would be revealed to the agencies; otherwise, little or no information would leave the client device. Its proponents claim that CSS is a solution to the encryption versus public safety debate: it offers privacy -- in the sense of unimpeded end-to-end encryption -- and the ability to successfully investigate serious crime. In this report, we argue that CSS neither guarantees efficacious crime prevention nor prevents surveillance. Indeed, the effect is the opposite. CSS by its nature creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic. There are multiple ways in which client-side scanning can fail, can be evaded, and can be abused.

Paper Structure

This paper contains 25 sections, 3 figures.

Figures (3)

  • Figure 1: Scanning operation flows. Left: Server-side scanning. Right: Client-side scanning (the main changes are in orange)
  • Figure 2: From server-side to client side: New compromise paths and advantage points for adversaries (the legend distinguishes compromise paths in server-side scanning, compromise paths in CSS, and knowledge gained by the adversary in CSS)
  • Figure 3: Collisions of the NeuralHash function extracted from iOS 14. Top: Two pairs of accidentally colliding images in the ImageNet database of 14 million sample images; Bottom: An artificially constructed pair of colliding images.